Optional TLS Settings

The following are optional TLS settings:

verify_host=ENABLE|DISABLE
When enabled, verify that the certificate provided by the server has a Common Name (CN) field or a Subject Alternate Name (SAN) field which matches the hostname in the URL that the mfsecretshashicorp vault provider is connecting to.

The default value is ENABLE.

For example, in the configuration file:

verify_host=ENABLE
verify_peer=ENABLE|DISABLE
When enabled, the mfsecretshashicorp vault provider will verify the authenticity of the server's certificate against the certification authority (CA) certificates supplied to the ca_path config option.

The default value is ENABLE.

For example, in the configuration file:

verify_peer=ENABLE
tls_protocol=TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3
Specifies which TLS protocols the mfsecretshashicorp vault provider can use.

where:

TLSv1_0
TLS v1.0 or later. This is the default value.
TLSv1_1
TLS v1.1
TLSv1_2
TLS v1.2
TLSv1_3
TLS v1.3

For example, in the configuration file:

tls_protocol=TLSv1_3